Tech
Google is closing the Android Bug Reward Program.
Google has decided to shut down the Android Vulnerability Reward Program. What does this change mean for security researchers and developers? Learn about the details regarding the program’s termination and future alternatives.
Google Shuts Down Bug Bounty Program for Android Applications
Technology giants run bug bounty programs that offer significant rewards to security researchers and hackers to detect vulnerabilities in their products and services. In this context, Google also conducts the Android and Google Device Security Reward Program, which pays researchers who identify vulnerabilities in both hardware and software products. However, it has been reported that Google has decided to discontinue one of its most important initiatives in the field of security, the Google Play Security Reward Program.
The Google Play Security Reward Program offers rewards of up to $20,000 to security researchers who find remote code execution vulnerabilities without user interaction. Launched in 2017, this program was expanded in 2019 to cover all Android applications, which reached over 100 million downloads. However, according to a report by Android Authority, Google has announced to registered developers that it is permanently shutting down this reward program and has set August 31, 2024, as the deadline for submitting bug bounty reports. After this date, the company will not consider any reports in this context.
While it is stated that final award decisions regarding submitted reports will be made by September 30, 2024, Google assures that it will carefully review all reports submitted before the program ends. In its email, the company stated that it made the decision to shut down this program due to the overall improvement in the security posture of the Android operating system and efforts to enhance features. This has led to a decrease in the number of vulnerabilities reported by researchers.
In its recent annual report, Google announced that it has stopped 2.28 million applications that violate privacy and banned 333,000 malicious developer accounts. Additionally, it announced that significant improvements, such as real-time scanning against Android malware, have been made in the past year. Recently, it has strengthened the Play Integrity API with in-app signals to prevent fraudulent activities. All these improvements significantly contribute to the reduction of vulnerabilities in Android applications and the ecosystem.